Earlier this month, the Facebook app for iOS quietly rolled out a new feature to some users in the US. A new link appeared in the Explore section of the app that said “Protect” with an image of a shield. Clicking on this link would take a user to the App Store page for Onavo, a service presenting itself as a VPN. But this appearance is inaccurate at best and downright malicious at worst – in fact, the Onavo app is not a VPN that will protect your privacy but is rather a kind of spyware which will collect unsuspecting users’ data and send it straight to Facebook.
The Onavo app has already been installed more than 30 million times across iOS and Android, which is extremely worrying – it’s likely that many of the people using the app believe that it is enhancing their privacy, when in fact it’s doing just the opposite. Today we’re going to explain how this controversy got started and what the Onavo app is, and then compare it to what a VPN should be and recommend some trustworthy VPNs that you can use instead. Read on to find out why the ‘Onavo Protect’ App From Facebook Is Not A VPN And You Shouldn’t Use It.
The Onavo App Store page calls itself a “VPN Security” product and claims that it will “[h]elp secure your personal information” and “[a]dd an extra layer of protection to all of your mobile data traffic”. It certainly looks like one of the many VPN apps available in the App Store.
However, if you open up the read more and scroll all the way down to the bottom of the product description, you’ll see this text:
“To provide this layer of protection, Onavo uses a VPN to establish a secure connection to direct all of your network communications through Onavo’s servers. As part of this process, Onavo collects your mobile data traffic. This helps us improve and operate the Onavo service by analyzing your use of websites, apps and data. Because we’re part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences.”
It might not be obvious to inexperienced users what this means, as it sounds like it might just be a disclaimer about collecting crash information to improve performance, which is common among many pieces of software. But actually, this text implies something much more sinister: that data about the way you use any sites, apps, or data on your phone while Onavo is running can and will be sent to Facebook. This is because Onavo is in fact owned by Facebook and is being used to deliberately collect data from unsuspecting users.
And in case you should think that such data would only be used to serve you personalised ads or something else fairly innocuous, there is evidence that this data is already being used by Facebook to spy on its competitors. Last year, the Wall Street Journal reported that Facebook used the data it gathered from Onavo about how users opened and used SnapChat in order to push itself ahead of this competing service.
RELATED READING: How to unblock Facebook with a VPN.
But what does this mean for regular users? Why should you be concerned about whether Onavo collects your data? The answer is that this app is essentially spywear, collecting information on all of the activity you do on your device and delivering this data to Facebook so that the company can gain an illicit step up on their competition.
Reaction to this revelation in the tech community has been predictably furious, with Onavo being described as “a major privacy risk”, “a spywear app”, “corporate spywear” and “vampiric”. The fact that the app tries to pass itself off as protecting users but is in fact doing just the opposite has been a major source of anger, as has the fact that it preys on users who aren’t well versed in privacy issues and who think they are making a good choice by using the app.
In response to the story on TechCrunch, Facebook provided a response:
“Like other VPNs, it acts as a secure connection to protect people from potentially harmful sites. The app may collect your mobile data traffic to help us recognize tactics that bad actors use. Over time, this helps the tool work better for you and others. We let people know about this activity and other ways that Onavo uses and analyses data before they download it.”
This response is downright deceitful, suggesting that Onavo is typical and that all VPNs collect user data and then send this data to massive corporations for their own benefit. This is emphatically not the case, as we’ll see now.
How A VPN Should Work
Here’s how a VPN should work: you install the VPN software onto your device, and you use it to connect to a server somewhere else in the world. Now, whatever data your device is going to send over the internet – whether it’s the text of your email messages, the URL of websites that you are visiting, or a video call over Skype – will be encrypted before it leaves your device. The encrypted data is sent to the server you are connected to, where it is decrypted and sent on its way to its original destination. You likely won’t even notice that your VPN is running during regular use, as it will sit in the background quietly encrypting everything and letting you use the internet as normal.
The point of this encryption is to prevent other people from getting access to your data. If you send data unencrypted over the internet, then many people might be able to see it. Your ISP can definitely see all of your internet data on your home connection, and if you are using a public wifi network like one in a coffee shop then other users on that network may be able to intercept that data too. Using a VPN to stop others from spying on your data improves your security as well as protecting your privacy.
Importantly in this case, one organisation that will be able to access your data is your VPN provider. This means that it’s vital that you can trust your VPN provider not to snoop into your data, to sell it to another company (such as Facebook), or to pass that data on to the government or law enforcement. The best way to find a VPN that is trustworthy is to pick one which is an established name and which has been thoroughly reviewed by security professionals.
Factors That Make A Good VPN
Now that you know how a good VPN should work, you can find a reputable VPN provider to keep you safe online. But with many providers to choose from – not to mention the presence of untrustworthy apps like Onavo in the App Store – how should you pick a VPN?
Here are the key factors that are most important when choosing a VPN:
- Good security, with strong 256-bit encryption to keep your data safe.
- Privacy protections, such as a no logging policy which means that none of the data about your internet use will be recorded. This way, you can be sure that your data will never be given or sold to Facebook or another company – because this data was never saved by your VPN in the first place.
- Fast connection speeds, so that your VPN doesn’t slow down your internet connection and you can continue using the internet as usual when your VPN in running.
- Lots of servers in many different countries, for the best flexibility so that you can always find a server that works and so that you can easily get around region locks by connecting to a server in another country.
- Well made software, which should support a variety of platforms so that you can protect all of your devices with just one VPN subscription.
Reliable VPNs That You Can Use For Facebook And Other Apps
If you’re looking for a VPN that you can use on your phone or one your computer in order to access the internet, use Facebook, and use other apps, we have put together a list of trustworthy VPNs. Unlike Onavo, these VPNs will all protect your privacy and never sell your data to another company, and they meet all of our requirements above.
ExpressVPN is a favourite VPN among serious internet users due to its super fast connections and large server network. It has excellent security, using strong 256-bit encryption and it has a no logging policy to protect your privacy and give you peace of mind.
ExpressVPN users get access to a large network of over 1000 servers in 145 different locations in 94 countries, and the software is available for iOS in addition to Windows, Mac OS, Android, and Linux. The app has extra features like a speed test and a DNS leak test so that you can find the fastest possible connection and be sure that your privacy is absolutely protected.
- SPECIAL OFFER: 3 months free (49% off - link below)
- Fast serves with minimal speed loss
- OpenVPN, IPSec & IKEv2 Encryption
- Strict no-logging policy
- Great customer service via chat.
- Max 3 simultaneous connections
- Slightly pricier than competition.
*** To try out ExpressVPN for yourself, take advantage of this exclusive offer for Addictive Tips readers: buy the yearly plan, and you’ll get an extra 3 months for free! This makes the total price just $6.67 per month. There’s also a 30-day money back guarantee with no questions asked, so you can try the service risk free.
NordVPN is the VPN that we recommend for those who are after the very highest level of security. This means that it has the strong 256-bit encryption and no logging policy that is standard, but it also takes security to the next level with its double encryption feature. The double encryption works like this: data on your device is encrypted before it is sent out over the internet, and is transmitted to a server somewhere else in the world. At this first server, the encrypted data is encrypted another time and sent on to a second server. At the second server, the data is decrypted and sent on to its original destination. This extra layer of encryption means that it is practically impossible for any person or organisation to gain access to your data, even if they use the most sophisticated cracking tools.
- Works with Netflix, BBC iPlayer without breaking a sweat
- No bandwidth caps
- 256-bit AES encryption with perfect forward secrecy
- Extra-secure Double VPN for data encryption
- Money back guarantee policy.
- Very little
- Can't specify City or Province in App.
The double encryption means that the speeds of NordVPN are not as fast as some others, but the connections are still plenty fast enough for everyday tasks like streaming high definition video. And the server network is large, consisting of more than 1000 servers in over 60 different countries. You can get the NordVPN app for iOS, and the software is also available for Windows, Mac OS, Linux, iOS, Chrome OS, Android, and Windows Phone, plus browser extensions.
Get a huge 66% discount on the two year special of NordVPN, for a total cost of just $3.99 per month, with a 30 day money-back guarantee.
IPVanish is ideal for those who want a VPN which is first and foremost fast, as well as being secure. With lightning fast connections and good security features like 256-bit encryption and a no logging policy, you don’t need to sacrifice security for speed. The network of 950 servers in 60 different countries is plenty for all of your needs and for getting around any region locks that you might come across. There is an iOS app available, plus software support for Windows, Mac OS, Android, Linux, Windows Phone, and more.
We have an exclusive deal on IPVanish services for Addictive Tips readers: a 60% discount on the yearly plan, bringing the price down to just $4.87 per month. There’s also a seven day money back guarantee so you can buy in confidence.
PureVPN is ideal for those who are new to all of this VPN business and are looking for a simple, easy to use, all in one security solution. PureVPN includes a VPN service which has the fast connections, strong 256-bit encryption, and no logging policy that we insist on. The network of servers is plenty big enough, as it includes more than 750 servers in 140 different countries. But in addition to the VPN service, a subscription to PureVPN includes a host of extra security features.
Included in the PureVPN software bundle is anti virus and anti malware protection, to stop your device from becoming infected by malicious software. There is also an anti spam filter which you can use to stop spam from flooding your email inbox. A handy feature for mobile users is app filtering, which lets you decide which apps should send their data through the VPN and which can send data directly and unencrypted over your regular connection. In addition to this there is DDoS protection to prevent your device being used in a cyber attack, a kill switch to stop you from accidentally sending data over an unsecured connection, an option for a dedicated IP for those who want that service, and a NAT firewall for even more protection.
The software can be installed on Windows, Mac OS, Android, iOS, and Android TV devices, in addition to browser extensions which are available for the Chrome and Firefox browsers.
To save money on PureVPN, you can take advantange of a 73% discount on the two year plan, for a total cost of $2.95 per month, with a seven day money back guarantee.
The Onavo app which describes itself as a VPN and which Facebook is promoting as cyber protection software is essentially a spywear app which users should stay far away from. Not only will the app not keep your data private, in fact it will do quite the opposite and send information about your phone use, internet history, and app use directly to Facebook. Internet security professionals are up in arms about the sleazy way that this app has been promoted and how unsuspecting users are basically being tricked into giving massive amounts of their personal data to Facebook.
You should absolutely not use Onavo – it is actually worse than not using a VPN at all. But if you do want a VPN, which is a highly advisable security measure for all users to take, then you should find a trustworthy provider. We’ve recommended four VPN providers that will keep your data safe and which will never sell your information to Facebook or to anyone else.
Have you been following the Onavo controversy? Do you think it’s wrong for Facebook to promote an app in this way, or do you think that users should read the terms of service more carefully before agreeing? Tell us what you think in the comments below.